We started with Bruce Potter giving the crowd a warm-up to the day's speakers, a bit of history about the con, and another bit about how the ticket sales went. In case you don't know, the first batch sold out in about 3 days, the second batch in 45 minutes and the last batch in 8 minutes. Of course, there I was trying to buy my ticket in that last batch and didn't make it in the first 8 minutes >:(. Thankfully Don came to the rescue.

*This talk was about some advancements & research in WPA & WEP cracking, drastically speeding up cracking time using FPGAs. He did a couple of demos, cracking WEP and WPA with coWPAtty on Windows, and was on the order of 4 times faster with the FPGA than without. He also talked about some flaws in OS X FileVault and being able to crack the hashes with John the Ripper. He also did a demo cracking Bluetooth PINs, again considerably faster with the FPGA than without. I was really wanting to go out and purchase one until he dropped the $1900.00 price tag for one.

*This talk was about using the Cachedump tool during an assessment to pull down the cached administrator credentials that can be left over when a domain admin logs in to a Windows box for maintenance. They discussed that these creds can be cached when the admin logs in locally, logs in remotely with RDP, uses the "run as" command, logs in with DameWare, or shares a laptop with other users.

They had a group policy script (don't know if they are releasing it) that would go through using Cachedump, look for cached admin creds and delete the key out of the registry, which should pretty much mitigate the attack.

Adam Shostack: Security Breaches are Good for You:

*This talk was about how security breaches should be good for us (as the consumer). He talked about the TJ Maxx and ChoicePoint data losses/breaches and how you would have thought that these companies would have lost major $$ and customers, but it didn't seem to go that way. Fairly interesting discussion. The major obstacle to this research seems to be the lack of reporting by companies of losses or breaches of personal data, even though most states require it by law.

Johnny Long: No-Tech Hacking

*Excellent talk on really just observing things around you from a hacker's perspective: what people are wearing at the airport letting you know what they do for a living, security badges, DoD stickers on cars telling a lot about the person driving, and how shoulder surfing at the airport or on a plane is still a very real threat. He also had another good piece on how valuable dumpster diving still is. Really good talk considering it had nothing to do with computers per se but still put those hacker mind skills to work.

Deviant Ollam, Noid and Thorn: Boomstick-Fu: The Fundamentals of Physical Security at its Most Basic Level:

*This talk was about firearms: handguns versus rifles versus shotguns. Good Q&A with some ex-law enforcement people.

*When the talk starts out with the guy explaining entropy and log and traffic analysis to all the people in the crowd, you know you are in for some good con-fu, and it was good. Check out his speaker bio for more info: http://www.shmoocon.org/speakers.html

Keynote Address: Aviel Rubin:

*GREAT talk on Breaking into Systems: Political, Legal, & Technical Aspects. Covered responsible disclosure and the law, how/when to involve lawyers, DMCA issues, and creating adversaries out of the companies whose software you broke into little pieces :-) Also good points on making sure you inform management of what you found so they can line up their lawyers for damage control if the company decides to play rough. Dr. Rubin talked about his research into the Diebold voting machines and cracking the RFID (Exxon/Mobil Speedpass), as well as some of the car keys that use similar technology to verify that your key is paired with your car.